Hardware
In smartphones, you have something called a baseband radio processor which is usually a chip that manages all the antenna radio functions and they typically use their own RAM or firmware and its software is usually proprietary. The code usually is not security tested but some security researchers have reverse-engineered some of these baseband chips and they have found security vulnerabilities that could be used to access and modify data on the phone remotely. For example, back in 2014, makers of the free Android derivative replicant announced that they had found a back door in the baseband software of the Samsung Galaxy phones and this allowed remote access to user data that was stored on the phone. So you can’t trust the hardware on the phones either.
Updates
Application, Operating system auto-updates are a potential problem as updates can install malware. A bad actor through coercion or legal means could force updates with backdoors, Trojans, key loggers, etc.. and some of the mechanisms can specifically target individual devices to target specific people which is even more concerning. The iOS update for example is device-specific so if Apple was to forced or chose they could send a malicious update to a targeted individual, a targeted phone. This could be a key logger to capture your PIN and completely eradicate the fact that you’ve got encryption on the device or it can be anything. The FBI actually tried to get Apple to do this very thing! So auto-updates, although they are important for security they are a potential security risk.
Location Tracking via Wifi
The WI-FI and Bluetooth within your smartphone can also cause privacy and anonymity issues. When they are switched on the access points that are near them and around them and that are in range can track you because you send out a unique MAC address that is observable in the wireless signal and you don’t even need to be that near to track Wi-Fi users you just need a large enough antenna. Corporations have established networks of access points to track mobile phones as they move from access point to access point as they travel. Nation-States are undoubtedly using the same techniques and have probably got deals with companies that own lots of Wi-Fi access points. It makes sense and It’s an easy way of tracking. As you travel from point to point your MAC address effectively gives away where you’re going, in what direction, and at what relative speed.
Unfortunately, it’s not easy to change the MAC address on smartphones and often you have to jailbreak the phone which makes them less secure which isn’t good. However, device manufacturers have recognized this tracking problem though. For example, iOS 8 and above randomizes your iPad iPhone MAC address so your activity cant easily be tracked across networks. So that means it’s almost impossible to cleanly modify your MAC address. For some phones like Android, you can get apps to change the MAC. This sort of tracking is only useful if someone knows your MAC address in advance obviously and generally works at a short distance
To prevent tracking via WI-FI the best thing is to switch it off and switch off your Bluetooth. Although that can be a pain but this is a current and active method of tracking and corporations are monetizing it. Certainly, if corporations can start to profile you then you’re going to get sold things when you get to certain places.
Location Tracking via GPS
Location information can leak from apps and while you are doing web browsing. Smartphones can determine its own location as you will be aware or most phones can be and the main method is via GPS. They can also reference cell towers and Wi-Fi network information through third-party apps and one danger is the app’s provider knowing where you are at all times and recording the history of this. Another is the process of transmitting that data and that it could be picked up by your adversary. Say when it is sent over the Internet unencrypted you don’t know how all of your apps send the information and you may have dozens of apps querying and processing your location information.
So if this concerns you these would all need to be disabled but you can’t really reliably do this. Apps change over time, The OS changes over time and In fact it changes quickly and so do the apps. You can’t know that you are completely safe with all these apps and all these changes. So again it’s a best efforts approach and a lot of these apps are very useful. The best mitigation is not installing them in the first place and disabling the GPS functionality and Wi-Fi if you’re not using it.
Profiling
All this information provides historical data of where you were and with who. Nation-states and agencies are known to cross-correlate what you and others do, creating profiles and so will be able to determine your friends, associates, co-travelers, and behaviors, and other information based on your phone patterns and this will build a profile of you.
When turning your phone off, It is possible that you could have Malware on your phone that makes your phone appear as if it’s switched off when in fact it is still powered on but presents a blank screen to appear powered off. In this mode, it continues to monitor you but if your phone is genuinely switched off or the battery is out then you cannot be monitored. But switching your phone off provides information on where you switched it off, which other people around you switched their phones off at the same time, when you switched it back on and where. This metadata can provide information about your activities. Maybe it’s at a cinema you switched your phone off or maybe it’s at a secret meeting with all the other people that switched their phone off as well. You should always switch your phone off before you reach locations that are sensitive such as a secret meeting or don’t take it at all.
Burner phones which are also called dropped phones are temporary prepaid phones used for anonymity and separating aliases. In some countries, it’s easy to get Sims and prepaid phones anonymously than in others. As mentioned before nation-states and agencies are known to cross-correlate what you and others do. So even with a burner phone, they’re able to determine your friends, associates, co-travelers, behaviors, and other information based on your phone patterns. This will build a profile of you and can associate a burner phone with all the phones you have used
Calling pattern analysis can indicate who you are. For example, if you make and receive calls to a similar set of numbers they will easily know it’s you even if you’re using a burner phone. So for example you might be the only person that calls your mother, your sister, and Mrs. Stark’s pie shop down the road from that number. Sophisticated auto analysis systems are known to exist to do this correlation to identify the users of phones and this is an article about the U.S. government system that does this very thing. Phones that are switched on occasionally and for short periods of time are marked as potential burner phones. They then cross-correlate with other phones in the area for profiling
You will more than likely need multiple phones if you want maximum privacy and anonymity and on those phones, you might want to try changing the operating system to one that is more security, privacy and anonymity focused such as Replicant, Ubuntu, Omnirom, Copperhead OS, etc..
If you are on Android I have seen statistics up to 97 percent of malware on the mobile platform is targeted at Android. This is because of the huge and increasing market share of Android and hackers go where the money flows. So expect much more to come for Android and In fact, it will be better to avoid Android purely based on those statistics.
So that’s a summary of why serious security, privacy, and anonymity using a mobile device and a mobile network against a well or major resource adversary is extremely difficult.